[secdir] Secdir review of draft-ietf-rmt-bb-lct-revised-09
Catherine Meadows <catherine.meadows@nrl.navy.mil> Thu, 02 July 2009 20:54 UTC
Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B7E5B3A68DA; Thu, 2 Jul 2009 13:54:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level:
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[AWL=-1.000, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w6TlWJscM6So; Thu, 2 Jul 2009 13:54:39 -0700 (PDT)
Received: from fw5540.nrl.navy.mil (fw5540.nrl.navy.mil [132.250.196.100]) by core3.amsl.com (Postfix) with ESMTP id A87353A6850; Thu, 2 Jul 2009 13:54:39 -0700 (PDT)
Received: from chacs.nrl.navy.mil (sun1.fw5540.net [10.0.0.11]) by fw5540.nrl.navy.mil (8.13.6/8.13.6) with ESMTP id n62Kt15j025180; Thu, 2 Jul 2009 16:55:01 -0400 (EDT)
Received: from chacs.nrl.navy.mil (sun1 [10.0.0.11]) by chacs.nrl.navy.mil (8.13.6/8.13.6) with SMTP id n62Kscex027229; Thu, 2 Jul 2009 16:54:42 -0400 (EDT)
Received: from gilgamesh.fw5540.net ([10.0.3.67]) by chacs.nrl.navy.mil (SMSSMTP 4.1.16.48) with SMTP id M2009070216543814980 ; Thu, 02 Jul 2009 16:54:38 -0400
Message-Id: <79F2D899-118B-4FBD-BA29-9B65FFD6F6B7@nrl.navy.mil>
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
To: iesg@ietf.org, secdir@ietf.org, luby@qualcomm.com, watson@qualcomm.com, vicisano@qualcomm.com, Brian Adamson <adamson@itd.nrl.navy.mil>, lorenzo@vicisano.net
Content-Type: multipart/alternative; boundary="Apple-Mail-17--174581501"
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Thu, 02 Jul 2009 16:54:34 -0400
X-Mailer: Apple Mail (2.935.3)
Subject: [secdir] Secdir review of draft-ietf-rmt-bb-lct-revised-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2009 20:54:40 -0000
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
This paper concerns the Layered Coding Transport building block. LCT
provides
support for massively scalable protocols using the IP multicast
network service.
LCT supports sessions consisting or multiple channels, all with the
same sender, but
many different receivers. This makes it compatible with many
massively scalable congestion
control protocols that use this structure.
When we are dealing with massively scalable congestion control
protocols, the question
of denial of service naturally comes to mind. Thus the security
considerations section
rightly mainly concerns itself with that. However, it left me with
several questions.
1. The introduction says that "Protocol Instantiations that use the
LCT building block MUST
address the security requirements described in the following
sections." But there are no MUSTs
or MUST NOTs in the following sections. Indeed,sections 8.1 and 8.2
don't contain any recommendations
at all; they simply identify vulnerabilities (which could, however, be
addressed by authentication). I would
suggest either toning down the introduction ("MUST address the
potential vulnerabilities" instead of "MUST address
the requirements") or beef up the specific sections.
2. The sections themselves have a kind of piecemeal feel about them,
addressing specific potential attacks, but
without giving a feeling that everything that is covered. It might be
a better idea to describe what services security mechanisms
could provide (e.g. authentication, confidentiality) describe the
various each service offered by LCT and its vulnerabilities,
and then what security services would address. I suspect, given the
vulnerabilities that the authors have already described, it
would mostly boil down to identifying which LCT data should or must be
authenticated.
Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil
- [secdir] Secdir review of draft-ietf-rmt-bb-lct-r… Catherine Meadows
- Re: [secdir] Secdir review of draft-ietf-rmt-bb-l… Watson, Mark